Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16954

Strangers can always create an account using SSO authentication (OpenID)

    Details

    • Business Value:
      3
    • CVSS Base Score:
      6.5
    • CVSS Vector String:
      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

      Description

      In Liferay DXP 7.1 and DXP 7.0, SSO authentication does not respect the setting, "Allow strangers to create accounts?" If SSO authentication is enabled, users who authenticate using Facebook, Google, OpenID, OpenID Connect or OpenSSO can create an account even if strangers are not allowed to create accounts.

      Note: OpenID SSO is not bundled with DXP 7.2.

        Attachments

          Activity

            People

            Assignee:
            support-ee EE Support
            Reporter:
            tibor.lipusz Tibor Lipusz
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                7.0.X EE
                7.1.x EE